Claims 



What Is Claimed Is: 



5 1. A method for providing user authentication comprising: 

(a) sending, by a first unit, user identification data to an authentication 
unit; 

(b) using the user identification data to determine which intermediate 
destination unit will receive an authentication code to be used to 

1 0 authenticate the user; 

(c) sending the authentication code to the determined intermediate 
destination unit based on the user identification data via a first secondary 
channel; 

(d) re-transmitting , by the intermediate destination unit, the 

1 5 authentication code to the first unit via a second secondary channel in a 

way that is transparent to the user; 

(e) in response to receiving the re-transmitted authentication code from 
the intermediate destination unit, returning the authentication code to the 
authentication unit; and 

20 (f) authenticating the user when the returned authentication code is 

determined to be suitable. 



2. The method of claim 1 including the step of providing selection of a third unit 
transparent authentication code submission scheme and selecting the third unit 
25 transparent authentication code scheme in response to receiving selection data. 



3. The method of claim 1 including the step of maintaining per user destination unit 
data including at least one destination unit identifier per user and wherein the step 
of using the user identification data to determine which destination unit will 
30 receive the authentication code includes sending the authentication code to the 



25 



determined intermediate destination unit based on the stored per user destination 
unit identifier. 

The method of claim 1 wherein the second secondary channel is short range 
channel and including the step of notifying, by the second unit, the first unit of a 
short range secondary channel used to receive the retransmitted authentication 
code from the third unit. 

The method of claim 1 including the steps of: 

prior to returning the authentication code to the authentication unit, 
digitally signing, by the first unit, the returned authentication code to 
produce a digitally signed authentication code that was received from the 
determined destination unit; and 

verifying the digitally signed authentication code as part of step (f). 
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6. A method for providing user authentication comprising: 

receiving by an intermediate unit, from an authentication unit via a 
first secondary channel, an authentication code for a first unit; and 

re-transmitting , by the intermediate destination unit, the authentication 
5 code to the first unit via a second secondary channel in a way that is 

transparent to a user of the first unit. 

7. The method of claim 6 including the step of transforming the authentication code 
prior to the step of re-transmitting via the second secondary channel. 

10 
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8. A method for providing user authentication comprising: 

sending, by a first unit, user identification data to an authentication 
unit; 

receiving a re-transmitted authentication code that was previously sent 
by an authentication unit to an intermediate destination unit; and 

in response to receiving the re-transmitted authentication code from 
the intermediate destination unit, returning the authentication code to the 
authentication unit. 

9. The method of claim 8 including the step of controlling a short range receiver to 
receive the re-transmitted authentication code in response to receiving notification from 
the authentication unit and wherein returning the authentication code to the authentication 
unit includes returning the authentication code in a way that is transparent to the user of 
the first unit. 
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1 0. A storage medium comprising: 

memory containing executable instructions that when executed by one or 
more processors, causes the one or more processors to: 

send, by a first unit, user identification data to an authentication unit; 
5 use the user identification data to determine which intermediate 

destination unit will receive an authentication code to be used to 
authenticate the user; 

send the authentication code to the determined intermediate destination 
unit based on the user identification data via a first secondary channel; 
1 o re-transmit, by the intermediate destination unit, the authentication 

code to the first unit via a second secondary channel in a way that is 
transparent to the user; 

in response to receiving the re-transmitted authentication code from 
the intermediate destination unit, return the authentication code to the 
15 authentication unit; and 

authenticate the user when the returned authentication code is 
determined to be suitable. 



20 1 0. The storage medium of claim 1 0 including memory containing instructions that when 
executed by one or more processors, causes the one or more processors to provide 
selection of a third unit transparent authentication code submission scheme and 
selecting the third unit transparent authentication code scheme in response to 
receiving selection data. 

25 

12. The storage medium of claim 10 wherein the second secondary channel is short 
range channel and including memory containing instructions that when executed by one 
or more processors, causes the one or more processors to notify, by the second unit, the 
first unit of a short range secondary channel used to receive the retransmitted 
30 authentication code from the third unit. 
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13. A system for providing user authentication comprising: 

a first unit; 

a second unit operatively coupleable to the first unit via a primary wireless 
channel and operatively coupleable to an authenticator; and 
5 a third unit, operatively coupleable to the second unit via a wireless back 

channel and operatively coupleable to the first unit via a secondary short range 
channel, 

the first unit operative to send primary authentication information via the 
primary channel during a session to the second unit; 
10 the authenticator operative to use the primary authentication information 

to determine which destination unit, other than the first unit, will receive an 
authentication code as secondary authentication information via the wireless back 
channel and wherein the destination unit is the third unit; 

the second unit operative to the send the authentication code on the 
1 5 wireless back channel to the destination unit based on the primary authentication 

information sent via the primary channel during the same session; 

the destination unit operative to re-transmit the authentication code to the 
first unit via a second secondary channel in a way that is transparent to a user of 
the first unit; 

20 the first unit operative to return the authentication code on the wireless 

primary channel to the second unit during the same session; and 

the authenticator operative to authenticate the user when the returned 
authentication code received from the wireless primary channel is determined to 
be suitable. 

25 

14. The system of claim 13 wherein the authenticator maintains per user destination 
unit data including at least one destination unit identifier per user and sends the 
authentication code to the second unit for transmission to the destination unit based on 
the stored per user destination unit identifier. 

30 
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15. The system of claim 13 wherein the first unit includes a cryptographic engine and 
prior to the first unit returning the authentication code for the authenticator, digital signs 
the returned authentication code to produce a digitally signed authentication code that was 
received from the third unit; and wherein the authenticator verifies the digitally signed 
authentication code as part of authenticating the user. 
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16. An apparatus for providing user authentication comprising: 

means for receiving from an authentication unit via a first secondary 
channel, an authentication code for a first unit; and 

means for re-transmitting the authentication code to the first unit via a 
5 second secondary channel in a way that is transparent to a user of the first 

unit. 



17. The apparatus of claim 16 including a transformation circuit that transforms the 
authentication code prior to re-transmitting via the second secondary channel 

10 
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